Описание
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
Ссылки
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jivesoftware:jive:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 7.19 (включая)
cpe:2.3:a:pascom:cloud_phone_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.70707
Высокий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
EPSS
Процентиль: 99%
0.70707
Высокий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918